CVSS 3.1 Score 5.4 of 10 (medium)


Published Jan 18, 2024
Updated: Jan 25, 2024


CVE-2023-49943 is a stored cross-site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus MSP before version 14504. A low-privileged technician can carry out the attack through a task's name in a time sheet. To remediate this vulnerability, update to the latest version of Zoho ManageEngine ServiceDesk Plus MSP. The risk to an organization is unauthorized access to and manipulation of data through malicious scripts injected into the application.
